10 Critical Infrastructure Cyberattacks That Show How Fragile We All Are

2024 will be remembered as the year when cyberattacks against the critical infrastructure of government and public bodies escalated out of control.

We have seen ransomware attacks against water utilities, along with hospital shutdowns and the health data of one-third of U.S. citizens exposed to bad actors.

Ransomware and cyber-espionage campaigns have disrupted essential services, exposed sensitive data, and cost billions in damages.

Cybercriminal groups and state-sponsored attackers have demonstrated increasingly sophisticated tactics, using unpatched vulnerabilities, poor cybersecurity practices, and vast networks to breach critical systems.

From American Water to Seattle Port and Airport to UnitedHealth — the tools of society that we rely on are under attack.

We explore through 10 examples, both in the U.S. and abroad, why we need to take infrastructure attacks more seriously before they get worse.

Key Takeaways

  • Cyberattacks on critical infrastructure skyrocketed in 2024, exposing systemic vulnerabilities across many nations and services.
  • Water utilities, healthcare, and transport sectors were prime targets for ransomware and espionage.
  • Over 100 million Americans’ health data was exposed in a single UnitedHealth breach.
  • Russian and Chinese state-backed actors appear to be the largest forces behind sophisticated attacks on global systems.
  • Every government and utility needs secure systems and cybersecurity strategies — attacks can be existential threats to society.

10 Critical Infrastructure Cyberattacks in 2024

Each entry lists the threat actor, type of incident, motivation, impact, and number of people impacted.

Ransomware Forces Arkansas City Water to Go Manual
  • Threat actor: Unknown
  • Type of incident: Ransomware
  • Motivation: Financial; sabotage
  • Impact: Water plant moved to manual operations; triggered an FBI and Homeland Security investigation
  • People impacted: ≈ 11,000

American Water: Biggest Water Utility Hack in the U.S.
  • Threat actor: Unknown nation-state threat actor
  • Type of incident: Unauthorized access
  • Motivation: Nation-state sabotage
  • Impact: User portal for 14 million customers and billing shut down; led to FBI and CISA OT security guidelines
  • People impacted: ≈ 14 million

Ransomware at Seattle Port and Airport Causes Chaos
  • Threat actor: Rhysida
  • Type of incident: VPN ransomware
  • Motivation: Nation-state sabotage; espionage; financial gains
  • Impact: Delays to millions of travelers; key national security logistics operations disrupted
  • People impacted: ≈ Hundreds of thousands

UnitedHealth Ransomware Exposes ‘One-Third of Americans’ Data
  • Threat actor: BlackCat (ALPHV)
  • Type of incident: Ransomware and data leak
  • Motivation: Financial
  • Impact: Private and health data of one-third of Americans exposed
  • People impacted: ≈ 100 million

The Global CrowdStrike Outage
  • Threat actor: N/A
  • Type of incident: Forced automatic Windows update
  • Motivation: N/A
  • Impact: Dubbed the “largest global IT outage in history”
  • People impacted: ≈ Hundreds of millions of people worldwide

Chinese Salt Typhoon Breaches U.S. Telecoms and Government Wiretapping System
  • Threat actor: Salt Typhoon (Chinese threat actor)
  • Type of incident: Unauthorized access
  • Motivation: Cyber-espionage
  • Impact: U.S. government wiretapping system and data compromised and exposed; severe impact on national security
  • People impacted: Unknown

U.K. and E.U. Government Ministers’ Data Leaked in Election Times
  • Threat actor: Unknown
  • Type of incident: Data scraping and data leaking
  • Motivation: Financial; political
  • Impact: Sensitive and personal data of over 1,000 British and E.U. ministers leaked pre-elections
  • People impacted: Unknown

London Ransomware Shuts Down Hospitals and Medical Procedures
  • Threat actor: Attributed to the Russian state-supported group Qilin
  • Type of incident: Ransomware, data leak, extortion
  • Motivation: Financial; political; nation-state sabotage
  • Impact: Hospitals and medical operations in the London area; over 1,500 medical procedures suspended
  • People impacted: Unknown

European Governments Hit by the Kremlin
  • Threat actor: APT28; Russia’s General Staff Main Intelligence Directorate (GRU)
  • Type of incident: Nation-state sabotage, disinformation, espionage
  • Motivation: Geopolitical interests; Ukraine-Russia war; geopolitics
  • Impact: Full impact unknown; likely affecting the region and allies
  • People impacted: Unknown

Philippines Cyberattacks and the Wider South Sea Conflict
  • Threat actor: China-linked threat actors
  • Type of incident: Nation-state sabotage, disinformation, cyber-espionage
  • Motivation: Geopolitical interests; South China Sea conflict
  • Impact: Full impact unknown; likely affecting the region and allies
  • People impacted: Unknown

10. Ransomware Forces Arkansas City Water to Go Manual

On September 22, 2024, the City of Arkansas City was hit by a ransomware attack. The plant was forced to switch to manual operations “out of precaution”. The threat actor behind the attack was never made public.

However, the event triggered a new FBI and Homeland Security investigation, and Arkansas City added its name to the concerningly long list of U.S. water providers hit by threat actors in 2024.

Experts say that the American water sector is in dire need of investment and modernization. Common security issues in the sector include legacy equipment, weak segmentation between IT and operational technology (OT) networks, and weak supply chain security.

9. American Water: Hacking the Biggest Water Utility in the U.S.

On October 3, 2024, the largest U.S. water and sanitation utility, American Water, was hit by a cyberattack.

American Water serves 14 million people across 24 states and 18 U.S. military installations. Water quality and distribution were not affected. However, customer portals and billing services were shut down.

Experts believe the attackers are nation-state-supported and gained unauthorized access to American Water’s networks and systems. The motive of the attack, and whether data or systems were compromised, remain unclear.

Alan DeKok, CEO of InkBridge Networks, an advanced network security provider, spoke about security in industrial networks like water systems.

“Many industrial networks don’t even require authentication — they simply trust that if you can reach the network, you must be authorized to use it. This naive approach is a relic of the past that we can no longer afford.”

8. Ransomware at Seattle Port and Airport Causes Chaos

On September 13, 2024, the Port of Seattle and the Seattle–Tacoma International Airport (SEA) were successfully targeted by a ransomware attacker linked to the criminal organization Rhysida.

The attack shut down airport wi-fi, baggage services, terminal screens, check-in kiosks, ticketing, and online apps. It took the authority three weeks to get all systems back online.

The Rhysida gang is believed to be connected to the wider Russian ransomware industry.

The sophisticated abuse of VPNs and the use of techniques associated with cyberespionage, such as “Living-off-the-Land” (using legitimate native tools to stage an attack), along with the strategic national security role of the Seattle Port and Airport, make this attack stand out as more than classic ransomware.

The attack caused delays for millions of travelers and businesses, and the total cost of financial damages is unknown.

Anand Oswal, Senior Vice President and GM at Palo Alto Networks, the California-based cybersecurity firm, spoke to Techopedia.

“More than ever, critical infrastructure organizations must adopt proactive security strategies to enhance visibility and resilience across modern and legacy environments — a challenge further complicated by remote operations and new technologies like 5G.”

7. UnitedHealth Ransomware Exposes ‘One-Third of Americans’ Data

On October 25, 2024, UnitedHealth revealed that a February BlackCat (ALPHV) ransomware attack resulted in the breach of personal and health data from about a third of the American population, over 100 million Americans.

The attack against UnitedHealth also disrupted healthcare facilities, caused significant delays in the medical sector, and resulted in billions in damages for UnitedHealth.

BlackCat (a.k.a. ALPHV) gained access through an unsecured login service using stolen credentials for an account that did not have multi-factor authentication (MFA) enabled.

UnitedHealth reportedly paid $22 million in ransom, but the data was still leaked after BlackCat was shut down by the FBI and its partners.

6. CrowdStrike Update Becomes Biggest Global IT Outage in History

On July 19, the world came to a stop as hospitals suspended services, airports descended into chaos, thousands of planes around the world were grounded, and millions of devices and companies were shut down by a corrupted automatic update from CrowdStrike to Microsoft Windows systems.

While this incident was not malicious, we include it here because it reveals the dangers of a highly interconnected world operating on a centralized cloud — let’s remember that “any sufficiently advanced incompetence is indistinguishable from malice.”

The cyber incident also impacted banks, hotels, manufacturing, stock markets, broadcasting, gas stations, retail stores, and many others worldwide, including governmental services.

Audian Paxson, Principal Technical Strategist at IronScales, an AI-powered cloud email security firm, told Techopedia:

“If 2024 taught us anything, it’s that the U.S. critical infrastructure is skating on thin ice when it comes to cybersecurity. This year has been a masterclass in ‘how to get caught unprepared’.

“The culprits? Not just sophisticated malware and ransomware, but a mix of outdated software and lazy password practices sprinkled with a layer of ‘we’ll patch that later’.”

“We need to stop treating cybersecurity like an IT problem and start addressing it as a human and organizational one,” Paxson said.

5. Chinese Salt Typhoon Breaches U.S. Telecoms and Government Wiretapping System

In November 2024, the Chinese cyberespionage threat actor Salt Typhoon gained access to the environments of major U.S. telecoms, including AT&T, Verizon, and T-Mobile — and also breached the U.S. government’s wiretapping system and data.

During the U.S. presidential campaign, the FBI announced it was investigating a possible Chinese hack into the phones used by President Trump and VP JD Vance.

Technical deficits that drove the success of this cyberattack include a lack of private 5G, third-party dependency, cloud vulnerabilities, and lack of segmentation.

Antonio Sanchez, Principal Evangelist at Fortra, spoke to Techopedia about the issue at hand and security solutions.

“Organizations need to ensure they segment the network. It would also be prudent to bring in a third party to conduct penetration testing and adversary simulation to find gaps in coverage that need to be hardened.”

4. U.K. and E.U. Government Ministers’ Data Leaked in Election Times

On May 30, 2024, a dark web investigation found that official government data of British Parliament, European Parliament, and French Parliament ministers had been exposed on the dark web.

The leak happened weeks before the European elections and the U.K. July elections. Data from over 1,000 government officials, including emails, passwords, birth dates, and other sensitive data, was exposed online.

Unknown threat actors exploited the poor cybersecurity practices of government officials, specifically the reuse of official government data for public accounts.

The attack, during election times, left government officials vulnerable to fileless attacks, identity theft, phishing, extortion, deepfakes, account takeovers, and misinformation campaigns.

3. The Philippines Cyberattacks and the Wider South Sea Conflict

In April 2024, cybersecurity researchers found that the number of cyberattacks targeting the Philippines had jumped by 325%.

Cyberattacks in the Philippines included the Mustang Panda group attack, which targeted the government, the Exodus Security DDoS attacks, and unauthorized access to systems.

The U.S. cybersecurity firm Resecurity found that while some of the cyberattacks were conducted domestically, links to groups allegedly working with China became evident.

The wave of cyberattacks happened as tensions between the two countries over the South China Sea intensified. Other countries that have seen similar Chinese disruptive cyber operations include Vietnam, Taiwan, and others in the region.

2. London Ransomware Shuts Down Hospitals & Medical Procedures

In early June 2024, a ransomware attack against Synnovis, a U.K. pathology services firm, led to the cancellation of operations in several hospitals across London, including St. Thomas’, the Royal Brompton, and the Evelina London Children’s Hospital.

Threat actors are believed to have gained access to Synnovis’s IT system via phishing.

The Russian state-supported ransomware group Qilin is also believed to be behind this attack.

The NHS described the event as a “critical incident”. It affected blood transfusions and consequently led to the cancellation of numerous medical operations, emergency services, and appointments.

1. Europe Hit by the Kremlin in Russia’s Hybrid War Against Ukraine Allies

On May 3, 2024, the German Interior Minister revealed that APT28, a threat actor believed to be part of the Russian military intelligence agency (GRU), had gained access to the Social Democratic party headquarters, the defense and aerospace sectors, and the aviation industry.

Five days later, Poland reported that APT28 had targeted its government networks. Kosovo also reported cyberattacks, while in France, in the run-up to and during the Olympics, waves of allegedly Russian-coordinated disinformation campaigns eroded trust in the security and integrity of the Games.

These attacks are part of the broader Russian hybrid warfare in Europe. The main goal of this hybrid war is to push Russia’s agenda during elections and sabotage the support of NATO allies for Ukraine.

The Bottom Line

Attacks against governments, national security systems, logistics and transportation, and healthcare and water reveal a clear warning: Nation-state threat actors, cybercriminal gangs, and hacktivists have critical infrastructure in their crosshairs.

While technical solutions exist to make the critical infrastructure sector safer, the question is whether organizations and officials will react in time or keep putting out fires until a preventable human tragedy shocks the world.

As Christopher Warner, Senior Security Consultant at GuidePoint Security, the cybersecurity consulting and services firm, told us:

“We’ve seen water systems compromised, transportation networks crippled, electric substations targeted, threatening widespread blackouts, and food supply chains put at risk.

“From maritime ports to air travel, these disruptions make one thing clear: these attacks aren’t just technical breaches; they’re existential threats to entire nations and regions.”

Ray Fernandez
Senior Technology Journalist

Ray is an independent journalist with 15 years of experience, focusing on the intersection of technology with various aspects of life and society. He joined Techopedia in 2023 after publishing in numerous media, including Microsoft, TechRepublic, Moonlock, Hackermoon, VentureBeat, Entrepreneur, and ServerWatch. He holds a degree in Journalism from Oxford Distance Learning, and two specializations from FUNIBER in Environmental Science and Oceanography. When Ray is not working, you can find him making music, playing sports, and traveling with his wife and three kids.